Durakibox

**Name of the Vulnerable Software and Affected Versions** Anchor CMS version 0.9.1 **Description** A cross-site scripting (XSS) issue exists in article.php when comments are enabled, allowing remote attackers to inject arbitrary web script or HTML via the `Name` field. **Recommendations** For Anchor CMS version 0.9.1, consider disabling comments in article.php as a temporary workaround until a patch is available. Restrict access to the `Name` field in article.php to minimize the risk of exploitation.